How to check if your DNS Server was hacked
Post initially published in Avira Techblog.

You have probably already heard about the “famous” DNSChanger malware, which manipulates a computer’s DNS settings in order to silently direct users to malicious websites. The FBI and others took action against this malware and, in November 2011, managed to break the botnet. According to the FBI, more than 4 million computers were affected worldwide.

The thieves manipulated DNS entries in order to block antivirus programs and operating systems from updating, delivering in this way even more malware to users’ computers. The DNSChanger malware was also used to redirect users to rogue servers controlled by the fraudsters, allowing them to control users’ web activity and generate income through online advertising.

When the FBI shut down the botnet, they also replaced the servers that were directing users to malicious domains with valid DNS servers. So, if the botnet is shut down, why all this trouble? The FBI will deactivate those new valid DNS servers on March 8, 2012. If your computer was infected at some point in time and was using one of the DNS servers that are now controlled by the FBI, after March 8 it will no longer be able to make any DNS…